Snort mailing list archives

Question on tags


From: Kevin Smith <kjsmith () tm net>
Date: Sat, 26 Mar 2005 15:51:19 -0500

Hey everyone,

I finally got snort, barnyard, and mysql working together. For some odd reason it does not like simply mepis with mysql 4.1. I used Pro mepis with mysql 4.0.2 and it worked without a problem.

My question is about the tag keyword. I'm a little confused as to how it works. Say ten packets come over the interface, does it grab all in time x and log it as 1, but obviously the size is bigger with the payload? Or does it still log all of them separately after the time has expired? Also, in the manual it says that tagged packets are not properly logged in a database. Is it after a certain amount of time? Or what happens when it tries to log to a database? My goal is to lower the amount of entries in the database of traffic that we are looking at; there are about 15,000 packets in 10 minutes. I would like to use the tag option to lower the amount of entries in the database if that is possible. Or is there a better way to do that?

Thanks again for everyone's help
Kevin

